CVE-2019-25608

HIGH

Iperius Backup 6.1.0 Privilege Escalation via Backup Job

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25608. PoCs published by bzyo.

AI-analyzed exploit summary: This exploit leverages a privilege escalation vulnerability in Iperius Backup 6.1.0 that allows low-privilege users to execute arbitrary commands as the service account (Local System or Administrator) via a malicious batch file executed as part of a backup job.

Description

Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after backup operations, which run with the privileges of the Iperius Backup Service account (Local System or Administrator), enabling privilege escalation and arbitrary code execution.

Exploits (1)

exploitdb WORKING POC VERIFIED
by bzyo · text · local · windows
https://www.exploit-db.com/exploits/46863


Classification: Working PoC 95%
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: Iperius Backup 6.1.0
Auth required
Prerequisites: local access to the system · Iperius Backup and Iperius Backup Service installed · low-privilege user account
devstral-2 · analyzed Mar 22, 2026

References (4)

Core References

Exploit: ExploitDB-46863
https://www.exploit-db.com/exploits/46863

Product: Official Product Homepage
https://www.iperiusbackup.com/

Product: Product Reference
https://www.iperiusbackup.com/download.aspx

Third Party Advisory: VulnCheck Advisory: Iperius Backup 6.1.0 Privilege Escalation via Backup Job
https://www.vulncheck.com/advisories/iperius-backup-privilege-escalation-via-backup-job

Scores

CVSS v3 8.4
EPSS 0.0014
EPSS Percentile 3.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE CWE-520
Status published
Products (1)
Iperius/Iperius Backup 6.1.0
Published Mar 22, 2026
Tracked Since Mar 22, 2026